25-year-old Indian security expert explains FBI iPhone hack

Apple was recently in the news though not so much for its next sleek, shiny gadget. The FBI had asked Apple to crack the security function without erasing contents of the iPhone 5c used by Syed Farook, who with his wife, Tashfeen Malik, carried out the December mass shooting in San Bernardino, that left 14 dead. Apple refused and was then caught in a legal battle with the US government. The case was dissolved once the FBI found a way to break through the phone’s security, using the services of a third-party.

In an EXCLUSIVE INTERVIEW Saket Modi, Co-founder, Lucideus Tech, gives Brian Pereira, Editor, Digital Creed his perspective on the controversial case. Saket is India’s technology whizkid in the Cybersecurity domain and his firm was recently selected by India Banking regulator RBI to secure the UPI (Unified Payments Interface). Forbes India also featured him in its prestigious 30 under 30 list.

Could Apple really have hacked the phone if it wanted to? And what are the ways in which an iPhone could be hacked? Read on to find out.

Q. Do you think Apple and other tech companies should cooperate with Governments with a larger interest of securing society and helping reduce crime? Or is consumer privacy more important?

Saket Modi, Co-founder, Lucideus Tech

Saket: You are not paying a penny to use services from Google or Facebook. Does that mean Google and Facebook should be concerned about your privacy? You are using their platforms for professional and personal purposes. So you should not be expecting anything in return. But Facebook and Google have to be concerned about your privacy for two reasons:

Firstly, they are making money by selling you (data) as a product. And they would be handling their money making assets in a responsible way.

But the second and larger reason is about scale. When there is a scale in proportion involving an individual or entity, there is a minimum responsibility that he/it owes to the entire ecosystem — because of which it reached that scale.

Take the example of (Bollywood actor) Ranveer Singh and the AIB Roast controversy. It received a lot of criticism and was soon taken off the Internet. It was vulgar and touched certain aspects of society. As a free individual, Ranveer Singh has freedom of speech and can say anything. But the moment you become a public figure, you become an inspiration to an entire generation. People are listening carefully to what you say and they try to idolize you. So there is an automatic (and assumed) responsibility. It is expected from you, if you are at that stature.

Now Apple is not just a technology or product company — it is an enabler for us to get something done. With its scale and size Apple is impacting the lives of billions of people across the planet (directly or indirectly). So there is a minimum responsibility that it has to follow. Apple has to support the law enforcement in all aspects. It should help the FBI and other agencies. This is inline with not compromising on the security of every Apple device owner.

But the FBI requested Apple to put a backdoor, and that is not the right way to help law enforcement. It is like saying that I will develop a bomb that is publicly accessible, but I will only give its code to the FBI. Now it is only a matter of time until some bad guy will be able to infiltrate that bomb (crack the code) and use it to his advantage.

So Apple owes responsibility to all its shareholders and to every owner of its devices. Even indirectly. If I do not own an Apple device, but if an Apple user shares a photo with me, I will access it from the Apple iCloud (where it is stored). So Apple is also responsible to me, indirectly.

Q. Do you think Apple could have really cracked the passcode if it wanted to? How did the third-party do it? What are the various ways of doing this?

Saket: Apple said they were unable to do that because of the restrictions that they put on the iPhone. Apple said they were unable to do that because of the restrictions that they put on the iPhone. It is possible that Apple really did not know how to unlock the iPhone, but that doesn’t mean that there isn’t a way to get into the iPhone.

There was a company from Tel Aviv, Israel called Cellebrite that did it; the FBI paid them more than $1.34 million to do that. Cellebrite is a leading mobile forensics company. Many law enforcement agencies in India are using Cellebrite products.

One possible hack is through the SS7 protocol, which is used for telecom switching. As you move about, the call that is transmitted to your phone is relayed from one tower to another, so that you are always connected to the nearest transmitting tower. This is enabled by the SS7 protocol. In one of the articles I read (and I cannot confirm its authenticity) it was reported that the company was able to find out the required information through a vulnerability in SS7. But this is unconfirmed.

But this is not a new case. Apple iPhones have been hacked multiple times in the past. The first versions of the iOS 6 and 7 have a lock screen bypass. If you press the power button and the home button simultaneously in a pattern, it will be able to bypass the lock screen. Of course, you cannot do this in the latest versions, though.

Of course, you cannot do this in the latest versions, though.

——————————————————————————————————————————–

RELATED VIDEO: We recommend the hilarious video on encryption by John Oliver (fast forward to 2:19) — We love it!

———————————————————————————————————————————–

Q. Is Apple iOS foolproof and hack proof? Can you explain how these security vulnerabilities pop up now and then?

Saket: Apple does not tell its consumers that its security is not foolproof. There are many times when there are flaws that Apple programmers are unaware of. And when they do find out, they release patches and OS updates. When they ship the OS for the first time, they assume it is bug-free. But the Apple iOS has millions of lines of code, so it is possible that its security experts could sometimes overlook a flaw. It is possible that Apple could be one step behind the hackers, though it will never admit it.

So let’s use Apple devices with awareness. Don’t think that just because you are paying Rs 50,000 for the latest iPhone, your life is secured, and nobody can hack it.

Brian Pereira is an Indian journalist based in Mumbai. He has 25 years of technology journalism experience, and he's well known in the Indian IT industry. He is the former Editor of CHIP and InformationWeek magazines in India and has written technology articles for India's leading newspapers groups such as The Times of India and Indian Express Newspapers. Brian also writes on Aviation, startups and covers topics directed at small and medium businesses.
He also has event experience and once put together the conference program for CeBIT and INTEROP events in India.
Email: brian@digitalcreed.in
Twitter: @brian9p
Linkedin: https://in.linkedin.com/in/pereirabrian